'Unrelenting' cyber threats rising, warns government

Cyber threats are on the rise and becoming more difficult to defend, with businesses increasingly targeted by cyber criminals, an alarming new report from the nation's top security brass warns.

The inaugural Australian Cyber Security Centre report – collated by the Australian Federal Police, the Australian Security Intelligence Organisation, the Defence Intelligence Organisation, the Australian Crime Commission, the Computer Emergency Response Team (CERT) Australia and the Australian Signals Directorate – tips the cost of these rising threats at more than $1 billion annually and rising.

Industries targeted.Credit:ACSC

Cyber attacks reported to the ASD leapt from 313 in 2011 to 1131 in 2014, while CERT responded to 11,073 threats to businesses in 2014.

The agencies conceded there were "gaps in our understanding of the extent and nature of malicious activity", particularly in the private sector.

Advertisement

Incidents responded to by ASDCredit:ACSC

Clive Lines, Australian Cyber Security Centre co-ordinator, said the report demonstrated that the cyber threat to Australian organisations were "undeniable, unrelenting" and continuing to grow.

The five sectors most at risk of cyber attack were energy, banking, communications, defence and transport.

The number, type and sophistication of cyber threats was increasing in Australia, making detection and response more difficult, the report said.

Confirmed compromises against Australian government systems have fallen since 2012, however.

It detailed examples of how widely reported vulnerabilities such as Heartbleed and Shellshock had impacted a range of systems in Australia.

One alleged offender was charged with several counts of attempted unauthorised access to 12 Australian servers, after attempting to access sensitive data more than 360 times via the Heartbleed vulnerability.

The report warned complacency and compromise were options that "Australia cannot afford", with the consequences of inadequate cyber security potentially including financial loss, reputational damage, intellectual property theft and disruption to business.

"Organisations must move now to implement cyber security measures to make Australia a harder target, increase the confidence of Australians when they are online, and maximise the benefits of the internet for Australian organisations," it said.